Report: An Analysis of Bitcoin’s Use in Illicit Finance

By Michael J. Morell

During his 33-year career at CIA, Michael Morell served as Deputy Director for over three years, a job in which he managed the Agency's day-to-day operations, represented the Agency at the White House and Congress, and maintained the Agency's relationships with intelligence services and foreign leaders around the world.  Michael also served twice as Acting Director. Michael's senior assignments at CIA also included serving for two years as the Director of Intelligence, the Agency's top analyst, and for two years as Executive Director, the CIA's top administrator—managing human resources, the budget, security, and information technology. Michael was the only person who was both with President Bush on September 11th, and with President Obama on May 1st, when Bin Laden was brought to justice.

As Bitcoin and other cryptocurrencies rise to record levels ahead of the direct offering of crypto exchange Coinbase, former Acting CIA Director Michael Morell is pushing back against conventional wisdom that says Bitcoin is ripe for illicit activity. 

In a report sponsored by the Crypto Council for Innovation (a lobbying group created by Coinbase, Fidelity Square and Digital Assets), Morell argues that Bitcoin isn’t any more exposed to illicit use than other forms of currency.

The Cipher Brief talked with Morell about his findings and how they intersect with national security.  

The Cipher Brief is publishing the full report, with permission.  For insights on why Morell undertook this sponsored study, and how it relates to US national security, read My Experience with Bitcoin and Challenging Conventional Wisdom, exclusively in The Cipher Brief.

An Analysis of Bitcoin’s Use in Illicit Finance

by Michael Morell with Josh Kirshner and Thomas Schoenberger


New technologies almost always come with both significant benefits for society as well as negative externalities. It is the role of government officials to make policy that allows the benefits to flourish while protecting us from the downsides. As I saw firsthand in my 33-year career at the Central Intelligence Agency, the process our government uses to get this balance right can often be frustratingly slow, but it has ultimately and typically met the challenge.

One example is how our government has adjusted to technological advances in financial and payment networks while simultaneously safeguarding vital systems.  Online banking was introduced in 1994, but it was not until 1999, with passage of the Uniform Electronic Transfers Act (followed by passage of the federal E-SIGN Act in 2000), that standards were put in place to establish the legality of electronic documents and signatures.  Adoption of online banking grew substantially as these laws were enacted and as a regulatory framework took shape to match what were then considered revolutionary technological advancements.

Today, the rapid adoption of blockchain technologies, and the cryptocurrencies they support, are on their way to revolutionizing global financial and payment systems.  And, as expected, we are beginning to see a balancing between innovators and regulators, with prominent voices weighing in— some touting cryptocurrency as the future of finance and others raising concerns about the illicit finance implications of the cryptocurrency ecosystem.

Having devoted my career to protecting and advancing the national security interests of the United States, I recognize the importance of ensuring that technological advancements related to critical industries are accompanied by smart, informed, and timely adjustments to regulatory frameworks, policies, and laws. Those who safeguard our nation simply must have the right tools to do their jobs. Period.

It is against this backdrop that I, and two of my colleagues from Beacon Global Strategies, conducted an analysis regarding the degree of illicit activity associated with cryptocurrencies in general and Bitcoin in particular.  The project was sponsored by a group of leading cryptocurrency innovators and investors.  The terms of the engagement were that I would “call it as I see it,” with objectivity and transparency, just as I had done throughout my career as an intelligence analyst. I am hopeful that this analysis will help advance a healthy and fact-based dialogue as policymakers determine how to best ensure that these financial innovations serve the national interest.


So far, 2021 has been a year of significant developments and milestones for Bitcoin.  Its price surpassed $60,000 for the first time in its history. Major corporations, from Tesla to Square to MicroStrategy, are adding it to their balance sheets. Large banks are providing Bitcoin related services, with Morgan Stanley saying it will soon offer access to three Bitcoin funds for its wealth management clients. Canada has approved Bitcoin exchange traded funds (ETFs). There is growing momentum for Bitcoin’s emerging use as a store of value.

Yet there is a common belief that the Bitcoin market is rife with illicit activity, with many holding this belief pointing to several high-profile incidents. When the illicit Silk Road darknet market (DNM) was shut down in 2013, more than 26,000 Bitcoin were seized by the FBI. AlphaBay, formed in 2014 and widely viewed as an heir to Silk Road, was shuttered by international authorities in 2017 after building a customer base of over 400,000, with transactions conducted largely in Bitcoin. The 2017 WannaCry ransomware attack that infected more than 200,000 computers worldwide required payment in Bitcoin. Bitcoin was even used to help fund some of those involved in the insurrection at Capitol Hill on January 6.

The conventional wisdom on this issue has been reinforced by public statements from senior government officials on both sides of the Atlantic who have suggested that Bitcoin is used primarily for illicit activities.  Eye-catching media reports, like a recent Buzzfeed article titled, “Secret Documents Show How Terrorist Supporters Use Bitcoin – And How the Government is Scrambling to Stop Them,” seem to add weight to such remarks.

In undertaking our analysis, we consulted a diverse group of experts in the fields of cryptocurrency technology and investment, financial services, payment systems, global intelligence and security, financial regulation, and law enforcement. We interviewed executives from major blockchain analytics firms, former senior Treasury Department officials, a senior official from the Commodity Futures Trading Commission (CFTC), and a former CIA intelligence analyst, as well as academics, venture capital investors, former federal prosecutors, and a former leader in the banking industry. We also consulted studies from the U.S. Department of Justice; the Financial Crimes Enforcement Network (FinCEN); the Financial Action Task Force (FATF); major blockchain analytics firms; the Brookings Institution; RAND Corporation; BAE Systems; and the Foundation for the Defense of Democracies.

The Cipher Brief hosts private briefings with the world’s most experienced national and global security experts.  Become a member today.

Sigal Mandelker, a former Acting Deputy Secretary of the Treasury and Under Secretary of the Treasury for Terrorism and Financial Intelligence, as well as former Department of Justice official and prosecutor, gave us a significant amount of her time to tap into her wealth of experience on the issue.

I began this work expecting that I would find a set of facts supporting the conventional wisdom on this issue.  After all, I believed that Bitcoin and other cryptocurrencies are a largely anonymous way to transfer funds anywhere in the world nearly instantaneously.  And I assumed that those officials who have raised concerns about the use of Bitcoin in illicit activity—with the objective of ensuring regulatory vigilance—must be among the best-informed experts on this issue.

However, based on our research and discussions with industry experts, I have confidence in two conclusions:

  • The broad generalizations about the use of Bitcoin in illicit finance are significantly overstated.
  • The blockchain ledger on which Bitcoin transactions are recorded is an underutilized forensic tool that can be used more widely by law enforcement and the intelligence community to identify and disrupt illicit activities. Put simply, blockchain analysis is a highly effective crime fighting and intelligence gathering tool.

Bitcoin’s Use in Illicit Activity is Relatively Limited

It is true that cryptocurrency, like other new technologies and innovations, has attracted the attention of illicit actors.  And not surprisingly, just as Bitcoin is the most commonly held cryptocurrency, it is also the coin most often found in DNM wallets by a wide margin. The fact that Bitcoin is being used by illicit actors is likely the basis of recent and widely reported comments by government and regulatory officials. But digging deeper, their statements center on two assertions: First, that Bitcoin is used “frequently” or “primarily” for illicit financial transactions, and second, that the use of Bitcoin in such transactions is growing.

Notwithstanding such statements, a senior executive at a major cryptocurrency analytics firm told us that the common belief that Bitcoin is both primarily and increasingly used for purposes of illicit finance is “uninformed and not based on data” and that “there are no numbers and no methodologies” supporting it.

According to a recent study by blockchain analytics firm Chainalysis, illicit activity among all cryptocurrencies as a percent of total cryptocurrency activity from 2017 to 2020 was less than 1 percent. For Bitcoin specifically, blockchain analytics firm CipherTrace estimates that illicit activity makes up less than 0.5 percent of total transaction volume.

Sources: Chainanalysis 2018 Crypto Crime Report; ChipherTrace Cryptocurrency and Anti-Money Laundering Report, February 2021

Meanwhile, estimates of illicit activity in the economy as a whole, overwhelmingly conducted through traditional financial intermediaries and with traditional fiat currencies, are on the order of 2 to 4 percent of global GDP. Indeed, FinCEN’s Bank Secrecy Act (BSA) database contains over 300 million Suspicious Activity Reports (SARs), with an additional 20 million added each year. Not all these SARs equate to illicit activity in the traditional banking system, but many do.

A former CIA analyst added credence to the above estimates, telling us that, due in part to the difference in overall volume, most illicit activity still takes place in the traditional banking system and not via cryptocurrency. A 2020 BAE Systems report, commissioned by SWIFT, further noted that “identified cases of laundering through cryptocurrencies remain relatively small compared to the volumes of cash laundered through traditional methods”.






All of this together suggests a broader point—that the illicit use of cryptocurrencies in general and in Bitcoin in particular is certainly not higher than it is in the traditional banking system and is most likely less.

Of course, the data collected by the blockchain analytics firms is based on illicit activity that they actually see; the estimates do not attempt to quantify the size of illicit activity that they cannot see and analyze.

However, the firms we spoke with believe the unseen illicit activity is relatively small.  One said it believes that it sees most illicit activity, while another estimates that unseen activity is no more than what they do see. And, while it is true that we don’t know what we don’t know in the cryptocurrency market, the same is true of illicit activity in the banking system and in cash, as evidenced by the lack of firm estimates for these payment systems.

According to the Chainalysis study, the two most significant types of illicit activity are those related to “simple” scams and purchases on the dark web.  Ransoms for ransomware attacks are difficult to measure, but data suggest it is the fastest growing category of cryptocurrency crime, while terrorist-related activity and payments related to sanctions evasion remain quite small.

The Cipher Brief hosts private briefings with the world’s most experienced national and global security experts.  Become a member today.

On the key issue of terrorist financing, the former CIA terrorism expert believes that the hype is much greater than the reality and that cryptocurrency is not yet an important platform for terrorist organizations. He added that cryptocurrency crowdfunding efforts of such groups have typically brought in only a few thousand dollars before being shut down. A 2019 study by the RAND Corporation further concluded that terrorist use of cryptocurrencies is minimal and that no current cryptocurrency provides a terrorist group what it would need to be a significant user.   However, the former CIA terrorism expert also noted that some groups are beginning to use more sophisticated cryptocurrency anonymizing techniques to conceal their flow of funds, which is a key development to monitor.

As noted earlier, Bitcoin is by far the largest cryptocurrency used in illicit flows. However, two major cryptocurrency analytics firms have concluded that this is due to Bitcoin’s dominance in the market and, therefore, its accessibility, not because it has attributes that make it more attractive to illicit users. Bitcoin, in fact, represents more than 60 percent of the total market capitalization of cryptocurrencies, with over 4,000 other currencies comprising the remaining 40 percent.

And while Bitcoin is the cryptocurrency most used in illicit activity, other cryptocurrencies are used far more often for illicit purposes as a share of their total transactions. One blockchain analytics expert said that, for Anonymity-Enhanced Cryptocurrencies (“AECs” or “privacy coins”), such as Monero, which use built-in protocols to hide information about transactions, illicit activity as a percent of total transaction volume is “far larger” than it is for Bitcoin.

There is also mounting evidence that illicit activity is flowing away from Bitcoin and toward AECs.  The 2020 RAND report referenced above noted such a shift from Bitcoin to cryptocurrencies with stronger anonymity. The prominent DNM “White House Market” has moved to accepting Monero exclusively. Similarly, the ransomware group, Sodinokibi, no longer accepts Bitcoin as payment and will only take Monero.


Growing use of AECs for illicit activity was further highlighted in an October 2020 advisory issued by FinCEN that stated, “[illicit actors] are increasingly requiring or incentivizing victims to pay in AECs that reduce the transparency of [cryptocurrency] financial flows, including ransomware payments, through anonymizing features”. The advisory added that “[s]ome ransomware operators have even offered discounted rates to victims who pay their ransoms in AECs.”

Blockchain Technology is a Powerful Forensic Tool 

Blockchain technology is a powerful but underutilized forensic tool for governments to identify illicit activity and bring criminals to justice.  One expert on the cryptocurrency ecosystem called Bitcoin blockchain technology a “boon for surveillance.”  A currently serving official at the CFTC added that it “is easier for law enforcement to trace illicit activity using Bitcoin than it is to trace cross-border illegal activity using traditional banking transactions, and far easier than cash transactions.” Former senior Treasury official Sigal Mandelker agreed and said that this view is shared by a number of people in this space who also have experience working in law enforcement and with data from financial institutions.







In a February 2021 testimony before the House Subcommittee on National Security, International Development and Monetary Policy, former Assistant Secretary of the Treasury for Terrorist Financing and Financial Crimes Daniel Glaser stated that, when it comes to transparency in the international financial system and the domestic financial system, “cryptocurrencies provide enhanced opportunities in certain ways for law enforcement agencies to be able to trace transactions”. Glaser added that the U.S. government should “bring [cryptocurrencies] into the system and regulate them in the appropriate way.”

One expert told us that the chance of catching illicit actors is “magnitudes greater” using blockchain than in the traditional banking sector.  Another went so far as to say that “if all criminals used blockchain, we could wipe out illicit financial activity.”  In fact, its transparent nature led one blockchain analytics expert to compare transactions on blockchain to having the “whole world” be a witness to paying someone $2,000 in a dark alley. Based on our research, I have come to believe that if there was one financial ecosystem for bad actors to use that would maximize law enforcement’s chances of identifying them and their illicit activities, it would be blockchain.

Blockchain technology enables this forensic power because it captures every single transaction for all to see—it provides governments and the public at large with a permanent, unchangeable record of transactions.  When viewed together with other data derived from the analysis of blockchain analytics as well as traditional law enforcement tools like subpoenas, blockchain technology can allow for the identification of both illicit activity and the identities of end users.  The ability to detect illicit activity and identify the perpetrators is not perfect, but it has grown significantly over the last few years.

Broader enforcement of Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations would further enhance the ability of law enforcement to identify illicit Bitcoin activity. While a growing share of Bitcoin are held on centralized exchanges, CipherTrace reported that 56 percent of global Virtual Asset Service Providers (VASPs) still have “weak or porous KYC processes”. Given this, I expect that further applying KYC and AML regulations, long seen as effective by senior government officials, will help assuage their concerns about Bitcoin transactions.

Decentralized exchanges (DEXs), which typically do not have a central authority on which to apply KYC and AML regulations, are also an emerging challenge. Although DEXs are responsible for only a small portion of overall cryptocurrency transaction volume, their decentralized, mostly open-source nature adds an additional layer of anonymity and thus offers increased opportunities for moving illicit funds. Therefore, DEX operations will remain a challenge for government regulators, particularly with regard to their use in facilitating transactions between more anonymous “unhosted” wallets.

Like other illicit activities, such as the use of performance enhancing drugs in athletics, authorities are constantly working to catch up to new masking techniques used by illicit actors. In the case of cryptocurrency, blockchain analytics firms are developing new forensic tools to counter the use of technologies that create more anonymity—like privacy coins, mixers, tumblers, layering, and chain-hopping.

For example, in September 2020, Chainalysis was awarded a $625,000 grant from the IRS to develop Monero-tracking software. Last November, CipherTrace also filed two patents for technologies related to tracing Monero transactions after working with the U.S. Department of Homeland Security. Finally, in December 2020, cryptocurrency forensics software was even able to reliably trace stolen Bitcoin that had been passed through several coin mixers.

Blockchain forensics can be used in multiple ways by law enforcement and intelligence services.  First, it can be used as an investigative tool in existing cases; law enforcement can use the blockchain to uncover the illicit activity of the target of an investigation (and identify other potential bad actors linked via the blockchain to that target).  Second, by using artificial intelligence algorithms developed from patterns of how illicit actors behave in the ecosystem, it can identify previously unknown bad actors.  To this end, the blockchain allows law enforcement to adopt a much more sophisticated proactive network strategy to identify illicit activity.

All of the experts we consulted believe that governments have been slow to recognize the forensic power of blockchain technology.  This lag reflects a lack of awareness at senior and working levels, as well as the challenges understanding and working with the extreme complexity of the computer science associated with blockchain forensics. While there is a growing cadre of government officials who have successfully used blockchain analytic tools to prosecute bad actors and seize illicit proceeds, relatively few current government employees have the skills to use this technology to its full potential.

One expert went even further, saying that the biggest threat involving cryptocurrencies is not illicit finance but rather that governments do not yet fully understand the power of blockchain as a tool for law enforcement and intelligence agencies. However, the expert also noted that awareness of this power is beginning to expand as governments engage with the three major blockchain analytic firms, Chainalysis, CipherTrace, and Elliptic. Beyond the United States, blockchain forensics are being used by government agencies in Europe, Japan, and South Korea.

This gradual recognition helps explain the number of significant legal cases that have been broken through the use of blockchain analysis.  In November 2020, the IRS along with Chainalysis, was able to retrieve $1 billion worth of illicit Bitcoin related to the now-defunct Silk Road DNM.

In the July 2020 breach of Twitter’s network, when over 100 high-profile accounts were hacked to promote a scam asking followers for Bitcoin, it took only two weeks for investigators to identify the perpetrators and make arrests.  Investigators linked the wallet addresses to user accounts on various forums.  Then, using blockchain analytics, they traced stolen funds to various exchanges, worked with those exchanges to identify the users, and matched that user information to the data found on the forums.  Notably, investigators identified an individual who never posted anything publicly that could link him to his real-world identity by analyzing transactions between Bitcoin addresses.

Finally, in late 2020, the law firm Kobre & Kim was able to use blockchain analysis to trace and retrieve $32 million in cryptocurrency that had been passed through coin mixers. As the tools that these firms employ grow more sophisticated, illicit actors are finding it increasingly more difficult to conceal their activity.

And as more seizures and arrests are made, we believe illicit actors—who are technology-agnostic—will continue to move away from using Bitcoin for money laundering purposes to other avenues that make it easier for them to hide their activities.  It will essentially be the financial equivalent of Usama bin Ladin, after learning that the U.S. Government could listen to his calls, never again using a landline or a cell phone.


In light of the conclusions we have reached, why do we see such alarmist statements and articles about the threat posed by Bitcoin?  There are several reasons.  First, this is a new technology, and it is complicated to comprehend—and people are typically fearful of what they do not understand.

Second, bad news drives perceptions more than good news; in brief, fear makes headlines.  A story about a French citizen sending Bitcoin to individuals involved in the insurrection at the U.S. Capitol crowds out stories of the use of blockchain-enabled forensics to solve a crime.  We need to reevaluate these sorts of stories by recognizing that it was the transparent nature of the blockchain that allowed law enforcement to so quickly identify the trail of illicit payments, whereas such payments made through the traditional financial system might have proven more difficult to trace.

Finally, Bitcoin and its decentralized nature seems to pose a disruptive threat to traditional financial institutions.  The same could have been said for electronic banking and e-signatures 20 years ago, which stirred up significant debate regarding consumer protection and integrity of the financial system.  Eventually, traditional financial institutions found ways to successfully incorporate it into their businesses.  And any new technology as innovative as blockchain will represent a risk to the established methods of the finance industry.  It will be the government’s role to identify how to best use and regulate blockchain technology to advance the national interest.

My entire 33-year career at the Central Intelligence Agency was driven by one over-riding mission – presenting objective facts and analysis to policymakers so that they could make the best possible decision for the country.  Such facts and analysis help overcome fear, misperception, and narrow interests (as opposed to the national interest).  My hope with this paper is not that it will be the final word on the issue of Bitcoin and illicit finance but rather, as I noted in the introduction, that it will lead to a more fact-based discussion of the issue.

This analysis by former CIA Acting Director Michael Morell was developed with Josh Kirshner and Thomas Schoenberger and was sponsored by the Crypto Council for Innovation. 

Josh Kirshner is a Senior Vice President at Beacon Global Strategies. From 2009-2013 he was the Special Assistant for Political-Military Affairs to the Under Secretary of State for Arms Control and International Security.  

Thomas Schoenberger is an Associate at Beacon Global Strategies and has prior experience working in both the Department of the Treasury and the Department of Commerce.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

Related Articles